From: Geoff Thorpe <[EMAIL PROTECTED]>
> Hi there,
>
[snip]
> > > psmith> IMHO this is a legitimate reason to cast away const, and that
> > > psmith> the "const" notation on the arguments to lhash is useful for
> > > psmith> self-documentation purposes, at the least.
> > >
> > > Hmm, perhaps you're right. I'm just a bit worried about how hard it
> > > might become if someone is stupid enough to actually use the returned
> > > (non-const) pointer to change something that is on RO memory...
> >
> > Exactly.
>
> Well, if I'm not mistaken - none of the current changes should involve
> returning non-consts pointers to const memory, and that is not even the
> issue at hand: in fact it's quite the opposite. The issue *is* (again, if
> I'm not mistaken) that we want the exposed API to be locked up a bit
> tighter with in-values being declared as "const" where in any sane world
> they should be (and thus, application programmers can benefit from the
> discipline that brings back into their own compilation checking) even
> though OpenSSL itself is in certain weird ways sometimes modifying what
> that "const" parameter was referring to. Bear in mind also that in *all*
[snip]
A clear and concise explanation for the justification of constifying the
library - the API exposed to the applications programmer. What the
library does internally with the memory should have no affect upon the
calling application's state.
If the function expects a const pointer, I will provide one and assume
the buffer will not become "tainted" by the function on return. Should
the function return a const pointer, I will not modify the contents
pointed to by it. Viewed in this light, const is a form of contract
between caller and callee.
I know this is elementary to the readers of this mail group. My point is
that if the constification can be made to the exposed APIs without
causing undo performance degradation or code breakage then I'm for
it. Even if only half of the exposed function parameters can be constifyed
then that is at least self-documenting code which helps those of us from
an "older" generation who's arms get sore continually reaching for API
specifications because our neural memory banks are full . Thanks! ;-)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
